68e467a157e68f55ee95455ff7a9dc5915788c404d3dfa74034fcec8c17eb08e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill
Size

387KB
Sample

240307-gndyysfh9v
MD5

fa96a7c1c05185f062d1c6bef8e3635b
SHA1

f65c61064983317748f1fa10e489918c42b50a5f
SHA256

68e467a157e68f55ee95455ff7a9dc5915788c404d3dfa74034fcec8c17eb08e
SHA512

b628bb90f8459072d8db4d3425740883ebb4937b82234467d8541e1eeb74205e931a253766c8a891278e02f081ec7ce45fae52337d22f45582e7609ca6c0c6fc
SSDEEP

12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9se204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sf

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill
- Size
  
  387KB
- MD5
  
  fa96a7c1c05185f062d1c6bef8e3635b
- SHA1
  
  f65c61064983317748f1fa10e489918c42b50a5f
- SHA256
  
  68e467a157e68f55ee95455ff7a9dc5915788c404d3dfa74034fcec8c17eb08e
- SHA512
  
  b628bb90f8459072d8db4d3425740883ebb4937b82234467d8541e1eeb74205e931a253766c8a891278e02f081ec7ce45fae52337d22f45582e7609ca6c0c6fc
- SSDEEP
  
  12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9se204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sf
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2